Buffer overflow in Qt - CVE-2018-19869

 

Buffer overflow in Qt - CVE-2018-19869

Published: May 4, 2020


Vulnerability identifier: #VU27496
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-19869
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Trolltech
Affected software:
Qt

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing SVG images within the qsvghandler.cpp file in Qt. A remote attacker can create a specially crafted image, pass it to he application that uses Qt library for SVG processing, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


How to mitigate CVE-2018-19869

Install updates from vendor's website.

Sources